# A filter to block requests with a suspicious $body_bytes_sent
#
# Matches e.g.
# put some new matches here


#
[Definition]

## Matches requests for demu.red/ that have a $body_bytes_sent of set ammount, as these requests look suspicious and never ask for the favicon
## This number must be updated after making a new blog post. A basic curl will give a log line with the correct number
failregex = ^<HOST> -.* "(GET|POST|HEAD) / HTTP/.*" 200 29091
            #^<HOST> -.* "(POST|HEAD|GET) 

## Ignore approved CLI useragents
ignoreregex = ^<HOST> -.* "(GET|POST|HEAD).*HTTP.*".*(w3m|Lynx)
